Logstash cannot parse httpdate even pattern is correct

rogerwang · February 12, 2020, 6:39am

Hi,
I was converting the filebeat pipeline to logstash since I need to use the translate filter. everything seems fine except the date filter is giving me the "_dateparsefailure" and it is not able to parse the time correctly.

In order to simplify the question, I use below command to debug:

# echo "09/Feb/2020:07:12:13 +1100" | /usr/share/logstash/bin/logstash -e 'input { stdin {} } filter {date { match => [ "message","dd/MMM/yyyy:HH:mm:ss Z" ] } } output { stdout { codec => rubydebug } }'

As you can see in the result, the time is not parsed:

{
      "@version" => "1",
       "message" => "09/Feb/2020:07:12:13 +1100",
          "tags" => [
        [0] "_dateparsefailure"
    ],
    "@timestamp" => 2020-02-12T06:26:35.593Z,
          "host" => "au1-int-elk03"
}

I don't know why this is happened and how to fix the problem.

grumo35 · February 12, 2020, 8:21am

I dont know, this looks strange, have you tried to strip the "/" maybe this is it ?

rogerwang · February 12, 2020, 11:38am

Finally solve it. It should be logstash compatibility issue with the Java 11 openjdk. Once I downgrade the java version to 1.8.0 and the problem is fixed immediately. Just report here in case someone has the same problem.

Topic		Replies	Views
Date filter usage to avoid _dateparsefailure Logstash	4	1335	July 6, 2017
Date Filter - _dateparsefailure Logstash	9	1834	July 13, 2022
Kibana all time _dateparsefailure Logstash	5	412	August 28, 2018
Logstash Data parsing error - _dateparsefailure Logstash	3	2879	August 3, 2017
_dateparsefailure problem Logstash	2	567	July 29, 2019

Logstash cannot parse httpdate even pattern is correct

Related topics